Re: Background Intelligent Transfer Service, Possible Security Hole?

From: Jeff Roberts [MSFT] (jroberts_at_microsoft.com)
Date: 08/12/03


Date: 11 Aug 2003 18:13:36 -0700


"Jim Garrigan" <garrigan@garden.net> wrote in message news:<001c01c35f69$18a66a30$a601280a@phx.gbl>...
> I believe that someone was connected to my laptop via the
> Background Intelligent Transfer Service. When I shut down
> the service the session was disconnected. I confirmed
> this interaction by starting the service. After the
> service started the session was connected again via
> another port. Once again I shut down the service and the
> session dropped.

Jim,

Most likely one of the apps on your computer is requesting an update.
Applications that use BITS to download updates include MSN Messenger,
Windows Auto Update, and MSN Explorer.

You can view the list of active BITS jobs using BITSADMIN.EXE from the
Support Tools directory of the Windows XP CD. BITSADMIN is not
shipped with Windows 2000, but a workaround exists. Microsoft
Software Updates Service (SUS) provides a diagnostic tool to
troubleshoot issues related to SUS and this tool includes
bitsadmin.exe. Following is the location of the tool:

http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_SUS.EXE

Please see the README file

http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_SUS_Readme.txt

about what the tool does before downloading and running the tool.
Information about the tool is at

http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en

Since this is a SUS diagnostic tool, it will extract the binaries in
%SystemRoot%\MPSReports\MSUS\bin and then run the tools to collect
the SUS related information. The tool collects the information and
stores it in files on the machine.

You will be able to copy bitsadmin.exe from the
%SystemRoot%\MPSReports\MSUS\bin directory. Once you copy
bitsadmin.exe to another location, you can remove the
%SystemRoot%\MPSReports directory and this will remove all the other
files that have been extracted and the information collected.

Once you have BITSADMIN available, you are ready to look at the job
queue. Open a command prompt and type

    bitsadmin /list /allusers

to see a condensed list, or

    bitsadmin /list /allusers /verbose

for more detail including the URLs to be downloaded.

Hope this helps,
Jeff

[This posting is provided "AS IS" with no warranties, and confers no
rights.]
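
Added example, not part of the original posting and not Microsoft code: a small Python parser for saved `bitsadmin /list /allusers /verbose` output that lists each job's owner and URLs and reports downloads from hosts you did not expect. The sample listing is constructed, the field layout is an assumption that may differ between BITS versions, and the host names are placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample shaped like `bitsadmin /list /allusers /verbose` output.
# The field layout is an assumption and may differ between BITS versions.
SAMPLE = r"""
GUID: {11111111-1111-1111-1111-111111111111} DISPLAY: 'Example Updater'
TYPE: DOWNLOAD STATE: TRANSFERRING OWNER: NT AUTHORITY\SYSTEM
JOB FILES:
    1024 / 4096 WORKING http://updates.example.com/patch.cab -> C:\WINDOWS\Temp\patch.cab

GUID: {22222222-2222-2222-2222-222222222222} DISPLAY: 'job2'
TYPE: DOWNLOAD STATE: SUSPENDED OWNER: LAPTOP\jim
JOB FILES:
    0 / UNKNOWN WORKING http://files.example.net/a.exe -> C:\Temp\a.exe
"""

JOB_START = re.compile(r"^GUID:\s*(\{[0-9A-Fa-f-]+\})\s+DISPLAY:\s*'(.*)'$")
STATE = re.compile(r"\bSTATE:\s*(\S+)")
OWNER = re.compile(r"\bOWNER:\s*(.+)$")
FILE_LINE = re.compile(r"(https?://\S+)\s+->\s+(.+)$", re.IGNORECASE)

def parse_jobs(text):
    """Split the listing into jobs, keeping owner, state and (url, local path) pairs."""
    jobs, job = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := JOB_START.match(line):
            job = {"guid": m.group(1), "display": m.group(2),
                   "owner": None, "state": None, "files": []}
            jobs.append(job)
        elif job is None:
            continue  # banner or blank lines before the first job
        elif m := FILE_LINE.search(line):
            job["files"].append((m.group(1), m.group(2)))
        else:
            if m := STATE.search(line):
                job["state"] = job["state"] or m.group(1)
            if m := OWNER.search(line):
                job["owner"] = job["owner"] or m.group(1)
    return jobs

def unexpected_downloads(jobs, expected_hosts):
    """Return (guid, owner, url) for every file whose host is not on the expected list."""
    expected = {h.lower() for h in expected_hosts}
    return [(j["guid"], j["owner"], url)
            for j in jobs for url, _ in j["files"]
            if (urlsplit(url).hostname or "") not in expected]

if __name__ == "__main__":
    for guid, owner, url in unexpected_downloads(parse_jobs(SAMPLE), {"updates.example.com"}):
        print(f"review: job {guid} owned by {owner} fetches {url}")
```

To use it on a real machine, redirect the command's output to a file and pass the file's contents to `parse_jobs`.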


